
I have access to the office from outside (VPN, e-mail, etc.). At home I have Internet from ISP(A) and at the office from ISP(B). Everything was working fine until I received an e-mail from my ISP(A) saying that they needed to change my public IP. From that moment I lost the connection with the office.

I checked everything from the office side and I don't see a problem. Moreover, I can connect from other places without problems; even with the phone data connection it is possible to connect, so I don't believe the issue comes from the firewall at the office.

I contacted ISP(A) and they told me everything is OK; they asked me to contact ISP(B). I called ISP(B) and they asked for the 'phone number' of my connection with ISP(A), but what I have from ISP(A) is a wireless connection (WiFi) with a Ubiquiti antenna. ISP(B) insists that 'every Internet connection has an associated phone number'. Now I have written to ISP(A) asking for that number, but I really don't understand how a phone number can be associated with a WiFi connection. I haven't had an answer yet.

To try to find the problem I tried:

  • Telnet to different ports, and it never connects. Again, from other ISPs Telnet can connect.
  • Traceroute, and the packets died at an IP which belongs to ISP(B), but I tried from other connections and the packets are always lost at the same IP; I believe there is something blocking ICMP.

What else can I check, and how can I debug where the problem is?

UPDATE:

pfSense won't log all rules by default, so before I didn't see anything in the logs, and from the way the rules are defined I believed everything looked good. Now I have started to log everything and I see the firewall is blocking the IP as a 'bogon network'. Concretely I get:

block drop in log quick on re 1 from bogons:3594 to any label block bogon ipv4 networks from wan

I think now I'm on the right track! Any comments are welcome.

HEDMON
  • Maybe your IP at home changed? – Orphans Nov 04 '16 at 12:47
  • I also haven't seen phone numbers getting associated with phone numbers! Did you try a traceroute from your office to home IP, and previous home IP? If you have a looking glass or access to bgp routes your ISP(B) has just lookup for routes of current home IP and previous home IP? – Anirudh Malhotra Nov 04 '16 at 13:11
  • @Orphans, yes, the problem began exactly from that moment. I believe ISP(A) changed their own ISP. – HEDMON Nov 04 '16 at 14:03
  • @AnirudhMalhotra I will try the traceroute that way. But I don't understand what you mean by: "If you have a looking glass or access to bgp routes your ISP(B) has just lookup for routes of current home IP and previous home IP?" – HEDMON Nov 04 '16 at 14:04
  • No, your IP has maybe changed. Not your ISP. – Orphans Nov 04 '16 at 14:20
  • @Orphans That is what OP is saying... – Anirudh Malhotra Nov 04 '16 at 14:25
  • @AnirudhMalhotra Not in his answer to me. But there is nothing to do if he has DHCP. – Orphans Nov 04 '16 at 14:27
  • @HEDMON BGP is a routing protocol which ISPs use to exchange routes. So I suspect maybe ISP(B) is not accepting the new IP route from ISP(A), which is why I asked you to check whether the BGP routing table of ISP(B) has routes to your new and old IP (you can also ask ISP(B) for the info). – Anirudh Malhotra Nov 04 '16 at 14:32
  • Unfortunately, this post doesn't contain any decent information on what isn't working, only some abstract complaints like "I cannot connect". It should be updated with what you cannot connect to, which VPN type exactly you are using, whether the office IP is reachable with ICMP from your home network and so on. Basically, it's an issue your office network engineer should be dealing with, not you, because from your post I can assume you're not one of them. And it's too soon to make wild guesses. – drookie Nov 04 '16 at 21:21
  • @AnirudhMalhotra, the traceroute reaches the home IP after 13 hops. On Monday I will contact both ISPs again and see what I can get from them. – HEDMON Nov 06 '16 at 18:29
  • @HEDMON well, if that's the case, somebody is blocking this new IP's VPN ports. Do a "traceroute -T -p (vpn port) (destination office VPN server IP)" from home and see where it stops. – Anirudh Malhotra Nov 06 '16 at 23:53
  • Thank you, I will try it from home. Just to be clear, the issue is not only the VPN; for example, I can't reach the e-mail on port 443. This is why I think there is more than a simple blocked port. – HEDMON Nov 07 '16 at 02:43
  • @AnirudhMalhotra I have new info, please, see the question update. Thanks a lot for your help. – HEDMON Nov 08 '16 at 20:39

1 Answer


pfSense won't log all rules by default, so before I didn't see anything in the logs. Now I have started to log everything and I see the firewall is blocking the IP as a 'bogon network'. Concretely I get:

block drop in log quick on re 1 from bogons:3594 to any label block bogon ipv4 networks from wan

Finally, updating the bogon networks list on pfSense was the solution.

HEDMON
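The failure mode in this answer, a source address that a stale bogon table still lists but the current list no longer does, can be checked offline. This is an added example, not part of the original post; the two lists, the prefixes and the addresses are constructed stand-ins, and `parse_bogon_list`, `matching_prefix` and `diagnose` are hypothetical helper names.

```python
import ipaddress

# Constructed sample data: prefixes stand in for real bogon entries and do not
# reflect actual allocation status. 198.51.100.0/24 plays the block that was
# unallocated when the stale list was built and has since been assigned.
STALE_LIST = """\
# bogon list, old copy still loaded on the firewall (constructed)
10.0.0.0/8
172.16.0.0/12
192.168.0.0/16
198.51.100.0/24
"""
FRESH_LIST = """\
# bogon list after update (constructed)
10.0.0.0/8
172.16.0.0/12
192.168.0.0/16
"""

def parse_bogon_list(text):
    """Return networks from a one-prefix-per-line list, skipping comments."""
    nets = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            nets.append(ipaddress.ip_network(line, strict=False))
    return nets

def matching_prefix(addr, nets):
    """Return the most specific network containing addr, or None."""
    ip = ipaddress.ip_address(addr)
    hits = [n for n in nets if n.version == ip.version and ip in n]
    return max(hits, key=lambda n: n.prefixlen, default=None)

def diagnose(addr, stale_text, fresh_text):
    """Classify a source address against the loaded (stale) and current lists."""
    stale = matching_prefix(addr, parse_bogon_list(stale_text))
    fresh = matching_prefix(addr, parse_bogon_list(fresh_text))
    if stale is None:
        return "not matched by the loaded bogon table: look at other rules"
    if fresh is None:
        return f"stale entry {stale}: update the bogon list"
    return f"still listed in {fresh}: address is a genuine bogon"

if __name__ == "__main__":
    for src in ("198.51.100.23", "192.168.1.10", "203.0.113.5"):
        print(src, "->", diagnose(src, STALE_LIST, FRESH_LIST))
```

On the firewall itself, `pfctl -t bogons -T test <address>` performs the same membership lookup against the table that is actually loaded.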